Events

Press

Resource Library

Report

Beyond the Hype: AI, Machine Learning, & Non-Malware Attacks

April 26, 2017

Non-malware attacks, artificial intelligence (AI), and machine learning (ML) have emerged as the topics du jour in cybersecurity. AI's and ML’s roles in preventing cyberattacks have been met with both hope and skepticism. They have been marketed as game-changing technologies—though doubts still persist, especially when used in siloes. Their emergence is due largely to the climbing number of breaches, increased prevalence of non-malware attacks, and the waning efficacy of legacy antivirus (AV).

For businesses, cutting through the noise is no easy task.

For an accurate assessment of the cybersecurity landscape in 2017, Carbon Black turned to the experts. For this research, Carbon Black interviewed 410 leading security researchers in an effort to gauge how non-malware attacks, AI, and ML are currently perceived.

The interviews point to some interesting trends. Among them:

93% said non-malware attacks pose more of a business risk than commodity malware attacks

64% said they’ve seen an increase in non-malware attacks since the beginning of 2016

Non-malware attacks are increasingly leveraging native system tools, such as WMI and PowerShell, to conduct nefarious actions

AI is considered to be in its nascent stages and not yet able to replace human decision making in cybersecurity: 87% said it will be longer than three years before they trust AI to lead cybersecurity decisions

74% said AI-driven cybersecurity solutions are still flawed

70% said ML-driven security solutions can be bypassed by attackers; 30% said attackers could “easily” bypass ML-driven security

Cybersecurity talent, resourcing, and trust in executives continue to be top challenges plaguing many businesses

In addition to key statistics from the research, the report also includes a timeline of notable non-malware attacks, recommendations for incorporating AI and ML into cybersecurity programs, and an “In Their Own Words” section, which includes direct quotes from cybersecurity researchers and unique perspectives on the evolution of non-malware attacks.